The invention relates generally to security in programmed devices, and, more particularly, to a method and apparatus for controlling access to confidential data stored in a memory.
The financial value of data and/or programmed instructions (e.g., software) is often dependent upon its general availability to the interested public. For example, if information in the form of data or programmed instructions is made available free of charge on the Internet, the commercial value of that information will quickly fall toward zero as few people will pay to receive something they can readily obtain for free. Thus, the desirability of maintaining the secrecy of data and/or programmed instructions with respect to all but paying purchasers of the secret information has long been known.
There are many contexts in which the concept of deriving value from information by limiting access thereto has been exploited. For example, conditional access broadcasting networks such as cable television networks and, more recently, direct satellite broadcasting networks are based on the premise of limiting access to broadcasted information to paying subscribers. Even more recently, the idea of limiting access to broadcasted data has been expanded to the computer networking context by Hughes Network Systems' DirecPC™ product. The DirecPC™ product broadcasts requested information to a requesting computing device (typically, a personal computer) via a satellite as a means to expedite information delivery from the Internet.
Most such broadcasting systems employ one or more cryptographic techniques to control access to the broadcasted information. For example, most such systems employ one or more keys to encrypt broadcasted data in accordance with a mathematical algorithm that makes it very difficult to decrypt the data in a reasonable amount of time absent knowledge of the key used to encrypt the data. An explanation of many such cryptographic techniques including an explanation of the Data Encryption Standard (DES) algorithm that is frequently employed to encrypt broadcasted information is contained in Schneier, Applied Cryptography, (Second Ed. 1996), which is hereby incorporated in its entirety by reference.
The need to protect the secrecy of information is not limited to the broadcasting context. There are many applications wherein it is important from, for example, a commercial standpoint to maintain the secrecy of information as it is locally processed by a personal computer. By way of example, not limitation, in some applications it is desirable to permit processing of secret data while maintaining the secrecy of the data to the outside world. By way of another example, in some instances it is desirable to permit secret execution of programmed instructions (e.g., software) within a processor without permitting access to the decrypted instructions themselves outside of the processor.
Various devices have been developed for maintaining the secrecy of information. However, since the secret information protected by these devices often has significant commercial value, a sub-culture of individuals commonly referred to as "hackers" has developed. These individuals spend considerable amounts of time attempting to frustrate or "hack" the security measures of these devices in an effort to usurp the commercial value of the secret information. The hackers have had varying levels of success in their efforts. Accordingly, there is a need for an improved, more flexible, apparatus for providing a secure environment for processing information which achieves a higher level of security against hackers than known devices. In addition, there is a need for such an apparatus that overcomes memory limitations inherent in secure devices and whose software can be upgraded in the field.
It is a well known assumption of accepted cryptographic practice that secrecy must reside entirely in the keys of the system. In other words, for a device to be deemed secure, an attacker having access to all information about the system except for the keys must still be unable to decrypt encrypted information in a reasonable amount of time. Thus, the secrecy of the key material is of paramount importance in a device for providing a secure environment.
To this end, devices for encrypting, decrypting and/or maintaining the secrecy of information typically include a secure memory of some type for storing key material and other possibly sensitive data. In order to control access to that key material, it is often necessary to limit access to the secure memory to trusted software and/or hardware components. More specifically, it is often necessary to place restrictions on when, who, and under what circumstances the memory storing key material can be addressed.
One problem with limiting access to a memory is testability. Another problem is limiting access to field deployed units while still allowing initial programming in the factory. In order to verify that the memory is functioning properly before releasing a device into the field, it is often necessary to have full read/write access thereto. Moreover, such access must typically be provided after a device is completely, or nearly completely constructed. As a result, such devices often include a testing mode wherein, upon occurrence of a certain condition or event, the device assumes it is in test mode and permits full read/write access to the memory. If a hacker is able to fool a device containing key material into entering the test mode, the hacker may potentially obtain full access to the stored key material thereby completely compromising the security of the device.
In some prior art approaches, one or more mode bits stored in memory, or in an anti-fuse device, or the like, define whether the memory contains confidential data and/or whether the memory is in the testing mode. These mode bit(s) may be implemented as a simple checksum on the data in memory. In other words, the mode bit(s) may be set to equal some mathematical function(s) of some or all of the data stored in memory. Regardless of which traditional method for defining the mode bit(s) is employed, if a hacker changes the state of the mode bit(s), the hacker can potentially cause the memory to unlock into the testing mode, thereby compromising the key material it contains. Thus, it is desirable to provide an improved method and apparatus for determining whether a memory contains confidential data which is not dependent upon mode bit(s) stored in that memory or upon a checksum value stored in memory.
In accordance with an aspect of the invention, an apparatus for controlling access to confidential data is provided. The apparatus includes a non-volatile memory for storing data and a logic circuit for controlling access to the data contained in the memory. The logic circuit selectively accesses the memory to determine whether at least a portion of the data contained in the memory comprises confidential data by analyzing a property inherent in the accessed data.
In some embodiments, the logic circuit determines whether the data contained in the memory comprises confidential data by identifying data blocks in the accessed data having a predetermined characteristic, by counting the identified data blocks, and by comparing the count to a threshold value. In such embodiments, each of the data blocks may comprise a bit, and the predetermined characteristic may comprise a predefined logic state. Alternatively, each of the data blocks may comprise a plurality of bits, and the predetermined characteristic may comprise a binary value falling within a range of binary values.
Preferably, a change in the inherent property sufficient to cause the logic circuit to determine that the data stored in the memory does not comprise confidential data will substantially destroy the data in memory.
In some embodiments, the logic circuit preferably comprises a hardware circuit. In some embodiments, the apparatus is provided with a processor and firmware cooperating with the logic circuit to control access to the confidential data stored in the memory. In some embodiments, the memory and logic circuit are resident on an integrated circuit and the integrated circuit provides a secure environment for loading and executing software.
In any of the foregoing embodiments, the logic circuit preferably erases the memory by replacing the data blocks originally stored in the memory with intermediate data blocks before erasing the memory to a final state. In such embodiments, the intermediate data blocks comprise non-confidential data having the predetermined characteristic. Also in such embodiments, the intermediate data blocks are preferably selected to ensure that the number of data blocks stored in the memory and having the predetermined characteristic remains at a level which causes the logic circuit to indicate the presence of confidential data until after substantially all of the confidential data is destroyed. In such embodiments, the logic circuit preferably erases the memory to the final state by replacing the intermediate data blocks stored in the memory with final data blocks. The final data blocks comprise non-confidential data which does not have the predetermined characteristic.
In some embodiments, the logic circuit is responsive to a predefined input to erase the programmable memory in stages. In such embodiments, the logic circuit writes a first intermediate value to a first location of the programmable memory in a first stage; the logic circuit writes a second intermediate value to a second location of the programmable memory in a second stage; and, the logic circuit writes a final value to the first and second locations of the programmable memory in a third stage. In such embodiments, the first intermediate value is preferably selected such that, if erasing of the memory is terminated before completion of the first stage, the counted number of data blocks in the memory will indicate that confidential data is present in the predefined section.
In accordance with an aspect of the invention, a method for identifying the presence of confidential data in a programmable memory is provided. The method comprises the steps of: defining a predetermined section of the programmable memory including a number of data blocks as a repository for confidential data; addressing the predetermined section of the programmable memory; calculating a number of data blocks in the predetermined section having a predetermined characteristic; comparing the calculated number to a threshold value; and defining the memory as including confidential data in the predetermined section if the calculated number has a predetermined relationship to the threshold value.
In some embodiments, the predetermined relationship comprises the calculated number being greater than the threshold value. In other embodiments, the predetermined relationship comprises the calculated number being less than the threshold value.
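The following C program is an added illustration, not the patent's own logic circuit or firmware, of the counting-and-threshold detection described above together with the staged erase of the earlier embodiments. It models the predefined section as 32 bytes, takes a bit in logic state 1 as the data block with the predetermined characteristic, uses a threshold of 16 marked bits with the "greater than" relationship, and chooses 0xFF as the intermediate value and 0x00 as the final value; all of these numbers, the sample key (a constructed alternating 0xA5/0x3C pattern, not real key material) and the interruption model (a write budget that runs out, standing in for a power loss or reset) are assumptions made for the example. It contrasts a naive single-pass erase, which can leave residual key bytes in a section the detector already reports as non-confidential, with the staged erase, which keeps the count above the threshold until the original data is gone.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed size of the predefined section reserved for key material. */
#define SECTION_BYTES 32
/* Assumed threshold on the count of 1-bits: a real key has roughly half of its
   256 bits set, while the erased state (all 0x00) has none. */
#define CONF_THRESHOLD 16
/* Intermediate value: every bit has the predetermined characteristic (state 1).
   Final value: no bit has it. Both are choices made for this example. */
#define INTERMEDIATE_VALUE 0xFFu
#define FINAL_VALUE        0x00u

typedef struct { uint8_t section[SECTION_BYTES]; } nv_memory_t;

/* The counter of the logic circuit: number of bits in state 1 in the section. */
size_t count_marked_bits(const nv_memory_t *mem)
{
    size_t n = 0;
    for (size_t i = 0; i < SECTION_BYTES; i++) {
        uint8_t b = mem->section[i];
        while (b) { n += b & 1u; b >>= 1; }
    }
    return n;
}

/* Access-control decision: confidential data present if count > threshold.
   Test mode must stay locked while this returns true. */
bool contains_confidential(const nv_memory_t *mem)
{
    return count_marked_bits(mem) > CONF_THRESHOLD;
}

/* Constructed sample key (not real key material): alternating 0xA5/0x3C, four
   1-bits per byte, so the section holds 128 marked bits when fully loaded. */
void load_sample_key(nv_memory_t *mem)
{
    for (size_t i = 0; i < SECTION_BYTES; i++)
        mem->section[i] = (i % 2 == 0) ? 0xA5u : 0x3Cu;
}

/* Writes `value` to bytes [from, to), stopping when the write budget runs out
   (simulated interruption). */
static void write_range(nv_memory_t *mem, size_t from, size_t to,
                        uint8_t value, size_t *budget)
{
    for (size_t i = from; i < to && *budget > 0; i++, (*budget)--)
        mem->section[i] = value;
}

/* Naive erase: overwrite with the final value in a single pass. */
void erase_naive(nv_memory_t *mem, size_t budget)
{
    write_range(mem, 0, SECTION_BYTES, FINAL_VALUE, &budget);
}

/* Staged erase: stages 1 and 2 write the intermediate value to the first and
   second halves; stage 3 writes the final value to both. */
void erase_staged(nv_memory_t *mem, size_t budget)
{
    const size_t half = SECTION_BYTES / 2;
    write_range(mem, 0, half, INTERMEDIATE_VALUE, &budget);            /* stage 1 */
    write_range(mem, half, SECTION_BYTES, INTERMEDIATE_VALUE, &budget); /* stage 2 */
    write_range(mem, 0, SECTION_BYTES, FINAL_VALUE, &budget);          /* stage 3 */
}

/* Bytes of the sample key still readable (neither erase value equals a key byte). */
size_t residual_key_bytes(const nv_memory_t *mem)
{
    nv_memory_t ref;
    load_sample_key(&ref);
    size_t n = 0;
    for (size_t i = 0; i < SECTION_BYTES; i++)
        if (mem->section[i] == ref.section[i]) n++;
    return n;
}

/* Runs one interrupted-erase scenario from a freshly loaded sample key. */
typedef struct { size_t marked_bits; bool confidential; size_t residual; } erase_outcome_t;

erase_outcome_t run_scenario(bool staged, size_t budget)
{
    nv_memory_t mem;
    load_sample_key(&mem);
    if (staged) erase_staged(&mem, budget); else erase_naive(&mem, budget);
    erase_outcome_t out = { count_marked_bits(&mem), contains_confidential(&mem),
                            residual_key_bytes(&mem) };
    return out;
}

int main(void)
{
    erase_outcome_t a = run_scenario(false, 29); /* naive erase cut off after 29 bytes */
    erase_outcome_t b = run_scenario(true, 29);  /* staged erase cut off at the same point */
    printf("naive:  confidential=%d residual_key_bytes=%zu\n", a.confidential, a.residual);
    printf("staged: confidential=%d residual_key_bytes=%zu\n", b.confidential, b.residual);
    return 0;
}
```

With the naive erase interrupted after 29 bytes, only 12 marked bits remain, so the detector reports non-confidential even though three key bytes are still readable. With the staged erase interrupted at the same point, the count is 244 and the section still reports confidential; the count only drops below the threshold during stage 3, after both halves have already been overwritten with the intermediate value.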
In accordance with a further aspect of the invention, an apparatus for controlling access to confidential data is provided. The apparatus comprises a programmable memory having a predefined section for storing confidential data. The predefined section includes a plurality of data blocks. The apparatus also comprises a logic circuit programmed to selectively access the predefined section to determine whether confidential data is present therein. The logic circuit identifies the presence of confidential data by identifying data blocks in the predefined section having a predetermined characteristic, by calculating the number of identified data blocks, and by comparing the number to a predetermined threshold value.
Other features and advantages are inherent in the apparatus claimed and disclosed or will become apparent to those skilled in the art from the following detailed description and its accompanying drawings.